Digital Transformation decoded by James Stewart: The person behind digital transformation of the award-winning GOV.UK

January 26, 2018

James Stewart is a technology leader with extensive hands-on experience building capability, setting direction, developing and operating digital services, and leading organizations through substantial change. He’s a regular speaker, appearing at events around the world covering topics from technical architecture and modern development techniques to digital transformation. He is the man behind the technical architecture of the award-winning GOV.UK, which was described by O’Reilly Radar as “the default for how government should approach their online efforts in the 21st century”.

The #AgileIndia 2018 team spoke with James to dive deeper into Digital Transformation, especially its implications for governments. Here are some of the insights that James shared with us.

Is Data Transformation just another buzzword in the market or is it for real?

Transforming is something you should do because you have a vision of how you can better deliver on your organization’s purpose. If you’ve got that vision then digital transformation (which for me includes getting to grips with your data and putting it to use) can yield huge advantages.

All organizations need to engage deeply not just with technology, but with the big social changes that our increased use of internet-era technologies is bringing about. They’re changing the expectations of customers and employees and offering huge new opportunities. It’ll continue to take time for us to see the full impact of that on our biggest institutions, but anyone who doesn’t adapt will eventually be rendered obsolete.

How do you see Data Transformation shaping governments and new businesses? What are some of the key challenges working with the government setup?

Digital technologies have made it far easier to engage with our customers and colleagues at scale, and at the same time made it radically cheaper to run experiments and try out new ideas. That should be as true for governments as for new businesses, but in practice, it’s a big challenge for more established organizations, whether governments or businesses.

When you’ve built up a culture that values caution and one that is used to doing everything at scale, it’s really hard to switch gears. There are so many different elements to reform: procurement and commercial practices, operational practices, complex hierarchies that don’t let people shine, and many more. To make changes you need leaders with a strong vision who are ready to work across the system, you need to get your pace right, pick your battles carefully, and be in it for the long term.

That said, once things get moving it is amazing how quickly you can see progress. More direct contact with your users and more rapid delivery are infectious.

What are some of the key security concerns when going digital in any setup, and how is it different in a government setup?

People who spend any amount of time working on risk management know that most of us have a bias to treat new risks as worse risks than those we already have. Overcoming that bias can be one of the biggest challenges in working with security in a changing, digital environment. It’s a big part of what locks us into established processes that treat security as a pretty static thing that’s approached based on what we’ve always done.

Governments do face some distinctive threats, but a lot of my work over the past few years has been working with some very talented colleagues to make sure we have a proportionate response that doesn’t treat all our systems as if they’re handling top secret information. For most of what governments do, it’s better to spend the time adopting the best practices we see in the commercial world and then working right across the community to raise the quality of those practices.

That said, it’s impossible to ignore these days that there are some very real and very challenging threats that are faced not by governments but really by anyone who’s providing services or storing data using technology. Those threats are evolving and they’re complex and we need to spread understanding of them right across teams and increase our ability to adapt to pace. Agile practices and the focus of digital teams on holistic multi-disciplinary teams provide us with some fantastic tools to deal with that.

I hope people will find some inspiration in what we’ve managed to achieve in the UK government in the past few years, that they’ll get a strong sense of the importance of finding your core purpose, and of the crucial importance of working from the outside in starting with user needs not technology initiatives.

How do you see Digital Transformation shaping organizations, specifically for cloud adoption? Would it be fair to say that cloud investment is a necessity for any digital transformation undertaking for an organization?

Digital organizations prioritize tools and practices that give them flexibility. They’re comfortable working with a range of different suppliers in different ways. And they’d far rather invest in their people than in fixed technology. Cloud is a really important part of that, whether you mean letting your teams choose the best software as service tools that make them productive, or using cloud infrastructure that takes most of the cost out of experimenting while still providing a smooth path to scale.

I generally don’t like to think about cloud as a thing alone, but more as part of a wider set of new practices and tools: agile development, infrastructure as code, a more enabling approach to security, an embrace of operational expenditure over capital commitments, and so on. If you get those things right then cloud lets you consume a lot of the core services you need while moving your investment into learning and skills, rather than metal.

So for the vast majority of organizations cloud adoption has a huge role to play. Moving old systems and services to “the cloud” can be a complex business (though not as complex as we often seem to make it) but new tools should be cloud-based by default and organizations that are already there have a huge advantage.

What are the key security concerns with cloud adoption that organizations need to overcome?

Most established security practices are based on a set of assumptions that no longer hold true (if they ever did): that most work will take place on a corporate network, behind a perimeter firewall; that both our technology and our business processes rarely change; that a well-locked down system will be secure for a long time; and that it’s okay to push complexity on our users to maintain security.

As we move to cloud and adopt digital practices more widely, all of those assumptions crumble. We are using a mix of distributed systems, we are evolving our business processes rapidly as customer expectations shift, and we recognize the research that shows that security efforts that don’t take human behavior into account are bound to fail.

Cloud can be scary because a lot of the controls we are used to do not apply. It is easy to see it as a free-for-all where any member of staff can adopt a new tool, you’ll lose track of where your data is, sysadmins across the world will have access to your data, and breaches will become ever more commonplace. The fact is that most of those risks exist whether you embrace cloud or not, but we need to deepen our understanding of the threats, of our systems, and of newer security techniques and that takes curiosity and it takes time.

What are the key takeaways from your workshop “Cloud Security Essentials”? Would the attendees be able to apply the learning to their work immediately?

While the focus here is on the cloud, what I really want to help with is ensuring that teams have a good grasp of their services and systems, and have tools to work collaboratively to solve it. Agile practices really emphasize the importance of multi-disciplinary teams with a shared understanding and specific security awareness needs to be part of that. So I’ll be sharing some techniques that help build that, which attendees should be able to take back and use immediately, wherever they are on their cloud journey.